In the telecom business, information security serves as an enabler and a competitive factor for offering competitive products and services. Unfortunately, traditional risk analysis and security engineering methods have been shown to suffer from several shortcomings when applied to the telecom business. To overcome these shortcomings, we propose a security engineering method called SKYDD, which covers information, infrastructure, and business requirements based on information classification. The method uses a combination of reference tables and checklists and addresses many of the shortcomings of traditional methods. Well integrated into the development process, SKYDD has proven to simplify security requirement gathering, reduce lead times, and provide consistent requirements across different projects and project organizations, largely because the method is designed to be used by non-security experts.